From d044ab56d6ed7eebdd213f0686ffe871639b171c Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek
Date: Jul 17 2017 23:34:13 +0000
Subject: Backport some patches
---
diff --git a/0001-escape-Fix-help-description-6352.patch b/0001-escape-Fix-help-description-6352.patch
new file mode 100644
index 0000000..7b8249d
--- /dev/null
+++ b/0001-escape-Fix-help-description-6352.patch
@@ -0,0 +1,23 @@
+From b2954c2fbed0409adba2687b17fb956f002b2bbe Mon Sep 17 00:00:00 2001
+From: Jeremy Bicha
+Date: Thu, 13 Jul 2017 10:44:33 -0400
+Subject: [PATCH] escape: Fix help description (#6352)
+
+Resolves: #6351(cherry picked from commit 303608c1bcf9568371625fbbd9442946cadba422)
+---
+ src/escape/escape.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/escape/escape.c b/src/escape/escape.c
+index af98c98e40..89e885d47c 100644
+--- a/src/escape/escape.c
++++ b/src/escape/escape.c
+@@ -38,7 +38,7 @@ static bool arg_path = false;
+
+ static void help(void) {
+ printf("%s [OPTIONS...] [NAME...]\n\n"
+- "Show system and user paths.\n\n"
++ "Escape strings for usage in system unit names.\n\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " --suffix=SUFFIX Unit suffix to append to escaped strings\n"
diff --git a/0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch b/0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch
new file mode 100644
index 0000000..06e6edd
--- /dev/null
+++ b/0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch
@@ -0,0 +1,51 @@
+From 33145774d9d41ac306f972e0247c9a073d5dbfc9 Mon Sep 17 00:00:00 2001
+From: Christian Hesse
+Date: Fri, 14 Jul 2017 18:28:28 +0200
+Subject: [PATCH] build-sys: install udev rule 70-joystick.{rules,hwdb} (#6363)
+
+* meson: install udev files 70-joystick.{rules,hwdb}
+* Makefile: install udev file 70-joystick.hwdb
+
+(cherry picked from commit 816be2ba448940e2517dba81492e80b1e6a5954f)
+---
+ Makefile.am | 1 +
+ hwdb/meson.build | 1 +
+ rules/meson.build | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index c16e62280b..b95c93bb98 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -4062,6 +4062,7 @@ dist_udevhwdb_DATA = \
+ hwdb/60-evdev.hwdb \
+ hwdb/60-keyboard.hwdb \
+ hwdb/60-sensor.hwdb \
++ hwdb/70-joystick.hwdb \
+ hwdb/70-mouse.hwdb \
+ hwdb/70-pointingstick.hwdb \
+ hwdb/70-touchpad.hwdb
+diff --git a/hwdb/meson.build b/hwdb/meson.build
+index 74a93f9ccb..6fceff2b3b 100644
+--- a/hwdb/meson.build
++++ b/hwdb/meson.build
+@@ -12,6 +12,7 @@ hwdb_files = files('''
+ 60-evdev.hwdb
+ 60-keyboard.hwdb
+ 60-sensor.hwdb
++ 70-joystick.hwdb
+ 70-mouse.hwdb
+ 70-pointingstick.hwdb
+ 70-touchpad.hwdb
+diff --git a/rules/meson.build b/rules/meson.build
+index 0f818a506f..7f4725ad65 100644
+--- a/rules/meson.build
++++ b/rules/meson.build
+@@ -12,6 +12,7 @@ rules = files('''
+ 60-sensor.rules
+ 60-serial.rules
+ 64-btrfs.rules
++ 70-joystick.rules
+ 70-mouse.rules
+ 70-touchpad.rules
+ 75-net-description.rules
diff --git a/0003-add-version-argument-to-help-function-6377.patch b/0003-add-version-argument-to-help-function-6377.patch
new file mode 100644
index 0000000..817077e
--- /dev/null
+++ b/0003-add-version-argument-to-help-function-6377.patch
@@ -0,0 +1,22 @@
+From a1b21ca91835ec0322ccd0eedf9951ba0e52db80 Mon Sep 17 00:00:00 2001
+From: IPv4v6
+Date: Sat, 15 Jul 2017 13:53:21 +0200
+Subject: [PATCH] add version argument to help function (#6377)
+
+Signed-off-by: Stefan Pietsch (cherry picked from commit cb4069d95e447e8a01fc3feee6d6cb99669c4c38)
+---
+ src/core/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 88e2c92504..babcab4978 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1091,6 +1091,7 @@ static int help(void) {
+ printf("%s [OPTIONS...]\n\n"
+ "Starts up and maintains the system or user services.\n\n"
+ " -h --help Show this help\n"
++ " --version Show version\n"
+ " --test Determine startup sequence, dump it and exit\n"
+ " --no-pager Do not pipe output into a pager\n"
+ " --dump-configuration-items Dump understood unit configuration items\n"
diff --git a/0004-seccomp-arm64-x32-do-not-have-_sysctl.patch b/0004-seccomp-arm64-x32-do-not-have-_sysctl.patch
new file mode 100644
index 0000000..1aa9de3
--- /dev/null
+++ b/0004-seccomp-arm64-x32-do-not-have-_sysctl.patch
@@ -0,0 +1,79 @@
+From 5d56b6fb41fb29cd636e64f079f9a1e1982820be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sat, 15 Jul 2017 19:28:02 +0000
+Subject: [PATCH] seccomp: arm64/x32 do not have _sysctl
+
+So don't even try to added the filter to reduce noise.
+The test is updated to skip calling _sysctl because the kernel prints
+an oops-like message that is confusing and unhelpful:
+
+Jul 15 21:07:01 rpi3 kernel: test-seccomp[8448]: syscall -10080
+Jul 15 21:07:01 rpi3 kernel: Code: aa0503e4 aa0603e5 aa0703e6 d4000001 (b13ffc1f)
+Jul 15 21:07:01 rpi3 kernel: CPU: 3 PID: 8448 Comm: test-seccomp Tainted: G W 4.11.8-300.fc26.aarch64 #1
+Jul 15 21:07:01 rpi3 kernel: Hardware name: raspberrypi rpi/rpi, BIOS 2017.05 06/24/2017
+Jul 15 21:07:01 rpi3 kernel: task: ffff80002bb0bb00 task.stack: ffff800036354000
+Jul 15 21:07:01 rpi3 kernel: PC is at 0xffff8669c7c4
+Jul 15 21:07:01 rpi3 kernel: LR is at 0xaaaac64b6750
+Jul 15 21:07:01 rpi3 kernel: pc : [<0000ffff8669c7c4>] lr : [<0000aaaac64b6750>] pstate: 60000000
+Jul 15 21:07:01 rpi3 kernel: sp : 0000ffffdc640fd0
+Jul 15 21:07:01 rpi3 kernel: x29: 0000ffffdc640fd0 x28: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x27: 0000000000000000 x26: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x25: 0000000000000000 x24: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x23: 0000000000000000 x22: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x21: 0000aaaac64b4940 x20: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x19: 0000aaaac64b88f8 x18: 0000000000000020
+Jul 15 21:07:01 rpi3 kernel: x17: 0000ffff8669c7a0 x16: 0000aaaac64d2ee0
+Jul 15 21:07:01 rpi3 kernel: x15: 0000000000000000 x14: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x13: 203a657275746365 x12: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x11: 0000ffffdc640418 x10: 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x9 : 0000000000000005 x8 : 00000000ffffd8a0
+Jul 15 21:07:01 rpi3 kernel: x7 : 7f7f7f7f7f7f7f7f x6 : 7f7f7f7f7f7f7f7f
+Jul 15 21:07:01 rpi3 kernel: x5 : 65736d68716f7277 x4 : 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x3 : 0000000000000008 x2 : 0000000000000000
+Jul 15 21:07:01 rpi3 kernel: x1 : 0000000000000000 x0 : 0000000000000000
+Jul 15 21:07:01 rpi3 kernel:
+
+(cherry picked from commit 1e20e640132c700c23494bb9e2619afb83878380)
+(cherry picked from commit 2e64e8f46d726689a44d4084226fe3e0ea255c29)
+---
+ src/shared/seccomp-util.c | 4 ++++
+ src/test/test-seccomp.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index 36843d4bf5..1a8bfbe416 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -899,6 +899,10 @@ int seccomp_protect_sysctl(void) {
+
+ log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
+
++ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64))
++ /* No _sysctl syscall */
++ continue;
++
+ r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW);
+ if (r < 0)
+ return r;
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index efd145e063..50fe24c794 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -244,13 +244,17 @@ static void test_protect_sysctl(void) {
+ assert_se(pid >= 0);
+
+ if (pid == 0) {
++#if __NR__sysctl > 0
+ assert_se(syscall(__NR__sysctl, NULL) < 0);
+ assert_se(errno == EFAULT);
++#endif
+
+ assert_se(seccomp_protect_sysctl() >= 0);
+
++#if __NR__sysctl > 0
+ assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
+ assert_se(errno == EPERM);
++#endif
+
+ _exit(EXIT_SUCCESS);
+ }
diff --git a/0005-seccomp-arm64-does-not-have-mmap2.patch b/0005-seccomp-arm64-does-not-have-mmap2.patch
new file mode 100644
index 0000000..ea9e622
--- /dev/null
+++ b/0005-seccomp-arm64-does-not-have-mmap2.patch
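Review bot: The two `#if __NR__sysctl > 0` guards in test_protect_sysctl() use a different comparison from the `#if SCMP_SYS(access) >= 0` guards that patch 0006 adds to the same file, and the forms diverge when the macro is not defined at all: an undefined name evaluates to 0 in `#if`, so `> 0` silently drops the assertions while `>= 0` would keep them. I would make the intent explicit with `#if defined(__NR__sysctl) && __NR__sysctl >= 0`. With the guards false the child only asserts `seccomp_protect_sysctl() >= 0`, so on arm64/x32 the test no longer checks any blocking behaviour; a one-line comment saying so would keep that from being read as coverage. In seccomp_protect_sysctl() the new `continue` is silent, so a `log_debug()` naming the skipped architecture would make the missing filter visible when debugging. Both functions continue outside their hunks.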
@@ -0,0 +1,40 @@
+From e04118bd11f8268e7ee7b893f861f18f03bc6970 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sat, 15 Jul 2017 19:30:01 +0000
+Subject: [PATCH] seccomp: arm64 does not have mmap2
+
+I messed up when adding the definitions in 4278d1f5310f5acb4c6a6788233625234edb5145.
+Unfortunately I didn't have the hardware at hand and went by
+looking at the kernel headers.
+
+(cherry picked from commit 53196fafcb7b24b45ed4f48ab894d00a24a6d871)
+(cherry picked from commit 79873bc850177050baa0c5165b119adafeebb891)
+---
+ src/shared/seccomp-util.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index 1a8bfbe416..637ee8526e 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -1223,10 +1223,6 @@ int seccomp_memory_deny_write_execute(void) {
+
+ break;
+
+- case SCMP_ARCH_AARCH64:
+- block_syscall = SCMP_SYS(mmap);
+- /* fall through */
+-
+ case SCMP_ARCH_ARM:
+ filter_syscall = SCMP_SYS(mmap2); /* arm has only mmap2 */
+ shmat_syscall = SCMP_SYS(shmat);
+@@ -1234,7 +1230,8 @@ int seccomp_memory_deny_write_execute(void) {
+
+ case SCMP_ARCH_X86_64:
+ case SCMP_ARCH_X32:
+- filter_syscall = SCMP_SYS(mmap); /* amd64 and x32 have only mmap */
++ case SCMP_ARCH_AARCH64:
++ filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */
+ shmat_syscall = SCMP_SYS(shmat);
+ break;
+
diff --git a/0006-test-seccomp-arm64-does-not-have-access-and-poll.patch b/0006-test-seccomp-arm64-does-not-have-access-and-poll.patch
new file mode 100644
index 0000000..7000aa4
--- /dev/null
+++ b/0006-test-seccomp-arm64-does-not-have-access-and-poll.patch
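Review bot: Nothing in this patch exercises the corrected arm64 mapping: only src/shared/seccomp-util.c changes, and the message says the earlier table was written from kernel headers without the hardware at hand. A wrong entry in this switch fails quietly, either by attaching the filter to a syscall the architecture does not have or, as the removed `block_syscall = SCMP_SYS(mmap);` appears to have done, by refusing mmap altogether, so the W^X protection needs a check that actually runs on aarch64. If test-seccomp has no such case enabled for this architecture, a forked child that calls `seccomp_memory_deny_write_execute()` and then asserts `assert_se(mmap(NULL, 4096, PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) == MAP_FAILED);`, followed by a `PROT_READ|PROT_WRITE` mapping that must succeed, would pin both failure modes. The switch starts and ends outside the hunks.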
@@ -0,0 +1,41 @@
+From 5a3e65fa2537b31334ccb8b73a28208a3b535076 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sat, 15 Jul 2017 19:30:48 +0000
+Subject: [PATCH] test-seccomp: arm64 does not have access() and poll()
+
+glibc uses faccessat and ppoll, so just add a filters for that.
+
+(cherry picked from commit abc0213839fef92e2e2b98a434914f22ece48490)
+(cherry picked from commit f60a865a496e1e6fde7436b4013dd8ff677f29a1)
+---
+ src/test/test-seccomp.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 50fe24c794..28fe206507 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -529,7 +529,11 @@ static void test_load_syscall_filter_set_raw(void) {
+ assert_se(poll(NULL, 0, 0) == 0);
+
+ assert_se(s = set_new(NULL));
++#if SCMP_SYS(access) >= 0
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_access + 1)) >= 0);
++#else
++ assert_se(set_put(s, UINT32_TO_PTR(__NR_faccessat + 1)) >= 0);
++#endif
+
+ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN)) >= 0);
+
+@@ -541,7 +545,11 @@ static void test_load_syscall_filter_set_raw(void) {
+ s = set_free(s);
+
+ assert_se(s = set_new(NULL));
++#if SCMP_SYS(poll) >= 0
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_poll + 1)) >= 0);
++#else
++ assert_se(set_put(s, UINT32_TO_PTR(__NR_ppoll + 1)) >= 0);
++#endif
+
+ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUNATCH)) >= 0);
+
diff --git a/0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch b/0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch
new file mode 100644
index 0000000..16e85bf
--- /dev/null
+++ b/0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch
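Review bot: The `#else` branches substitute `__NR_faccessat` and `__NR_ppoll` without saying why, and the reason lives only in the commit message. A comment at each guard, e.g. `/* no access() syscall on this arch (arm64); glibc implements access() via faccessat() */` and the matching one for poll()/ppoll(), would explain why the filtered syscall differs from the libc call the test makes (`poll(NULL, 0, 0)` is visible just above the first hunk). The comment should also say that the EUCLEAN/EUNATCH expectations depend on that glibc behaviour, since a libc that picks another syscall would make the test fail rather than skip. test_load_syscall_filter_set_raw() continues outside the hunks.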
@@ -0,0 +1,31 @@
+From 713917bd94272fc65d94016a208b72309ae1320a Mon Sep 17 00:00:00 2001
+From: NeilBrown
+Date: Mon, 17 Jul 2017 18:03:34 +1000
+Subject: [PATCH] fstab-generator: ignore x-systemd.device-timeout for
+ non-devices (#6368)
+
+If you specify "x-systemd.device-timeout" for an NFS mount
+point, you get no warning and a meaningless device unit
+dependency created.
+
+Better to have a warning and no dependency.
+(cherry picked from commit c67bd1f758f087496741ce0b3e227d82c6b4a304)
+---
+ src/shared/generator.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/shared/generator.c b/src/shared/generator.c
+index 6a78ebbda7..6a887e3aad 100644
+--- a/src/shared/generator.c
++++ b/src/shared/generator.c
+@@ -182,6 +182,10 @@ int generator_write_timeouts(
+ node = fstab_node_to_udev_node(what);
+ if (!node)
+ return log_oom();
++ if (!is_device_path(node)) {
++ log_warning("x-systemd.device-timeout ignored for %s", what);
++ return 0;
++ }
+
+ r = unit_name_from_path(node, ".device", &unit);
+ if (r < 0)
diff --git a/0008-core-modify-resource-leak-by-SmackProcessLabel.patch b/0008-core-modify-resource-leak-by-SmackProcessLabel.patch
new file mode 100644
index 0000000..d27b8e9
--- /dev/null
+++ b/0008-core-modify-resource-leak-by-SmackProcessLabel.patch
@@ -0,0 +1,22 @@
+From 83030c7aea991d863591df2e09d41bb19d6e01d0 Mon Sep 17 00:00:00 2001
+From: WaLyong Cho
+Date: Thu, 13 Jul 2017 13:06:34 +0900
+Subject: [PATCH] core: modify resource leak by SmackProcessLabel=
+
+(cherry picked from commit 5b8e1b7755092e162bcf0bad8afe2e55dfbbd9e2)
+---
+ src/core/execute.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index d72e5bf08c..4ed133fb6a 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -3099,6 +3099,7 @@ void exec_context_done(ExecContext *c) {
+ c->utmp_id = mfree(c->utmp_id);
+ c->selinux_context = mfree(c->selinux_context);
+ c->apparmor_profile = mfree(c->apparmor_profile);
++ c->smack_process_label = mfree(c->smack_process_label);
+
+ c->syscall_filter = set_free(c->syscall_filter);
+ c->syscall_archs = set_free(c->syscall_archs);
diff --git a/0009-core-dump-also-missed-security-context.patch b/0009-core-dump-also-missed-security-context.patch
new file mode 100644
index 0000000..40ab919
--- /dev/null
+++ b/0009-core-dump-also-missed-security-context.patch
@@ -0,0 +1,31 @@
+From d8e3c9d25867f7081f060f1491186b6e3b30975b Mon Sep 17 00:00:00 2001
+From: WaLyong Cho
+Date: Thu, 13 Jul 2017 13:10:41 +0900
+Subject: [PATCH] core: dump also missed security context
+
+(cherry picked from commit 80c21aea118eeccfb2a0fcc5986b4432588dc857)
+---
+ src/core/execute.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 4ed133fb6a..62faa028a1 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -3614,6 +3614,16 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
+ "%sSELinuxContext: %s%s\n",
+ prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
+
++ if (c->apparmor_profile)
++ fprintf(f,
++ "%sAppArmorProfile: %s%s\n",
++ prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
++
++ if (c->smack_process_label)
++ fprintf(f,
++ "%sSmackProcessLabel: %s%s\n",
++ prefix, c->smack_process_label_ignore ? "-" : "", c->smack_process_label);
++
+ if (c->personality != PERSONALITY_INVALID)
+ fprintf(f,
+ "%sPersonality: %s\n",
diff --git a/0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch b/0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch
new file mode 100644
index 0000000..1546e98
--- /dev/null
+++ b/0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch
@@ -0,0 +1,32 @@
+From 3dd07ebf08dd630b0f50dfff3ef6d05628b8708b Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Mon, 17 Jul 2017 10:04:37 +0200
+Subject: [PATCH] journald: make sure we retain all stream fds across restarts
+ (#6348)
+
+Currently we set 4096 as maximum for number of stream connections that
+we accept. However maximum number of file descriptors that systemd is
+willing to accept from us is just 1024. This means we can't retain all
+stream connections that we accepted. Hence bump the limit of fds in a
+unit file so that systemd holds open all stream fds while we are
+restarted.
+
+New limit is set to 4224 (4096 + 128).
+(cherry picked from commit 3c978aca69e0e43d4dd453437ec9c498ea788795)
+---
+ units/systemd-journald.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index 66b7c6a48e..1e86d63648 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -21,7 +21,7 @@ Restart=always
+ RestartSec=0
+ StandardOutput=null
+ WatchdogSec=3min
+-FileDescriptorStoreMax=1024
++FileDescriptorStoreMax=4224
+ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
+ MemoryDenyWriteExecute=yes
+ RestrictRealtime=yes
diff --git a/0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch b/0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch
new file mode 100644
index 0000000..6a275fa
--- /dev/null
+++ b/0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch
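Review bot: `FileDescriptorStoreMax=4224` is derived from journald's stream-connection cap (4096, per the message) plus 128, but the unit file carries nothing that ties the two values together, so a later change to the cap in the C source could silently bring back dropped stream fds across restarts. I would add a comment above the setting, e.g. `# Must stay above journald's maximum number of stream connections (4096 + 128 headroom)`. The constant itself is not visible in this patch, so the name to reference in the comment needs checking against the journald source.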
@@ -0,0 +1,37 @@
+From d52e2bb9c20216972754c054e8534bca28baab66 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Mon, 17 Jul 2017 15:45:44 -0400
+Subject: [PATCH] Use config_parse_sec_fix_0() also for JobRunningTimeoutSec
+
+2d79a0bbb9f651656384a0a86ed814e6306fb5dd did that for TimeoutSec=,
+89beff89edba592366b2960bd830d3f6e602c2c7 did that for JobTimeoutSec=,
+and 0004f698df1410ef8b6ab3fb5f4b41a60c91182c did that for
+x-systemd.device-timeout=. But after parsing x-systemd.device-timeout=xxx
+we write it out as JobRunningTimeoutSec=xxx. Two options:
+- write out JobRunningTimeoutSec=,
+- change JobRunningTimeoutSec= to behave like the other options.
+
+I think it would be confusing for JobRunningTimeoutSec= to have different
+syntax then TimeoutSec= and JobTimeoutSec=, so this patch implements the
+second option.
+
+Fixes #6264, https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
+
+(cherry picked from commit 4a06cbf8387555c7c04a1ee6f0c5a6f858bf4b19)
+---
+ src/core/load-fragment-gperf.gperf.m4 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index 5b5a86250e..7fb39cf948 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -194,7 +194,7 @@ Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0,
+ Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate)
+ Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0
+ Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout)
+-Unit.JobRunningTimeoutSec, config_parse_sec, 0, offsetof(Unit, job_running_timeout)
++Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout)
+ Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action)
+ Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit,
job_timeout_reboot_arg) + Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval) diff --git a/systemd.spec b/systemd.spec index 98a0a3c..71f7b47 100644 --- a/systemd.spec +++ b/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 234 -Release: 2%{?gitcommit:.git%{gitcommitshort}}%{?dist} +Release: 3%{?gitcommit:.git%{gitcommitshort}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager 
@@ -41,11 +41,23 @@ Source11: 20-grubby.install Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60ceade446773c67031b47a566d4a70d/src/login/systemd-user.m4 %if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v233..v233-stable +GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v234..v234-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch %endif +Patch0001: 0001-escape-Fix-help-description-6352.patch +Patch0002: 0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch +Patch0003: 0003-add-version-argument-to-help-function-6377.patch +Patch0004: 0004-seccomp-arm64-x32-do-not-have-_sysctl.patch +Patch0005: 0005-seccomp-arm64-does-not-have-mmap2.patch +Patch0006: 0006-test-seccomp-arm64-does-not-have-access-and-poll.patch +Patch0007: 0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch +Patch0008: 0008-core-modify-resource-leak-by-SmackProcessLabel.patch +Patch0009: 0009-core-dump-also-missed-security-context.patch +Patch0010: 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch +Patch0011: 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch + Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} @@ -1027,6 +1039,10 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %{pkgdir}/tests %changelog +* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 +- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) +- Minor patches (memleaks, --help fixes, seccomp on arm64) + * Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 - Create kvm group (#1431876)